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Wireless LANs based on the IEEE 802.11b standard have spread very quickly over the past 
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corporations. One of the most important issues is the authentication of a terminal to an 
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" ' terms, review 

We study protocols for strong authentication and key exchange in asymmetric scenarios 
where the authentication server possesses ~a pair of private and public keys while the 
client has only a weak human-memorizable password as its authentication key. We 
present and analyze several simple password authentication protocols in this scenario, and 
show that the security of these protocols can be formally proven based on standard 
cryptographic assumptions. Remarkably, our analysis shows optimal re ... 
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^ " terms 

This paper discusses an Implennentation of an authenticated key-exchange method 
rendered on message primitives defined in the WS-Trust and WS-SecureConversation 
specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for 
password-based authentication and key exchange, while the WS-Trust and WS- 
SecureConversation are emerging Web Services Security specifications that extend the 
WS-Security specification. A prototype of the presented protocol is integrated in the WS- 
Resour ... 

Keywords: authenticated key exchange, password, security, web services 
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Marc Joye, Sung-MIng Yen 
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Full text available: "Q.pdMlS^^^^^ Additional Information: fulLciMUpn. abstract, citings, index terms 

This paper introduces ID-based secret-key cryptography, in which secret keys are 
privately and uniquely binded to an identity. This enables to extend public-key 
cryptography features at the high throughput rate of secret-key cryptography. As 
applications, efficient login protocols, an enhanced version of Kerberos, and an ID-based 
MAC algorithm are presented. ID-based systems were initially developed in the context of 
public-key cryptography by removing the need of explicit public keys. The ... 

Keywords: ID-based systems, Kerberos, MACs, authentication protocols, one-time 
passwords, secret-key cryptography 
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Full text available* "PI pctf{262 76 KB) A^^'**^"^' Information: full citation , abstract , references , citings, index 
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This paper addresses the identifier ownership problem. It does so by using characteristics 
of Statistical Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which 
this document calls SUCV Identifiers and Addresses, or, alternatively, Crypto-based 
Identifiers. Their characteristics allow them to severely limit certain classes of denial-of- 
service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve 
the address ownership problem that hinders mechani ... 

Keywords: Security, address ownership, authorization, group management, mobile IPv6, 
opportunistic encryption 
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Aviel D. Rubin 

December 1997 Mobile Networks and Applications, volume 2 issue 3 
Publisher: Kluwer Academic Publishers 
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One of the greatest obstacles to wide-spread deployment of wireless mobile systems is 
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security. Cryptographlcally strong protocols and algorithms are required to enable secure 
communication over links that are easy to monitor and control by an attacker. While good 
cryptographic algorithms exist, it is difficult to design protocols that are Immune to 
malicious attack. Good analysis techniques are lacking. This paper presents extensions to 
a technique for specifying and analyzing nonmonotonic ... 

7 A hete rog ene o us - network aided public-key mana g ement scheme fo r mobile ad hoc Q 
oMworks 

Yuh-Min Tseng 

January 2007 International Journal of Network Management volume i7 issue i 
Publisher: John Wiley & Sons, Inc. 

Full text available: ^..pM2.31..1Q...K^^^ Additional Information: fuJI citatLo^^^ aMrict, referejice^^ index terms 

A mobile ad hoc network does not require fixed infrastructure to construct connections 
among nodes. Due to the particular characteristics of mobile ad hoc networks, most 
existing secure protocols in wired networks do not meet the security requirements for 
mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure 
routing, key agreement and secure group communication protocols, assume that all nodes 
must have pre-shared a secret, or pre-obtained public-key certificate ... 

8 Staying secure in an insecure wo rld: 802. 1x secure wireles s computer conn ectivity Q 
^ for students, fe^ 

^ Steven K. Brawn, R. Mark Koan, Kelly Caye 

October 2004 Proceedings of the 32nd annual ACM SIGUCCS conference on User 
services SIGUCCS '04 

Publisher: ACM Press 

Full text available: '@..p.df{3.9^^^^^^ Additional. Information: full citatl^^ abstract, references , in de x terms 

During this past year, the ASU West IT Department has successfully implemented network 
connectivity throughout the campus for users who desire to use their computers in places 
other than the usual designated office spaces and computer labs. Students and staff alike 
can now access their network file shares, check email, browse the web, and work on 
projects while sitting in the cafeteria, out on the grass, or under the shade of a tree. 

With the constant threat of virus attacks, Trojans, ... 

Keywords: 802. Ix, REAP, VPN, authentication, dynamic WEP, wireless network 
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Full text available: 'g.pM^MrM.K^^ Additional Information: fulLdtatjon, aMtC.act, citings, [ndex. temis 

Due to the explosive growth of electronic businesses carried on the Internet, non- 
repudiation services turn out to be increasingly important. Non-repudiation services 
protect the transacting parties against any false denial that a particular event or action has 
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taken place, in which evidence will be generated, collected and maintained to enable the 
settlennent of disputes. Several fair non-repudiation protocols have been proposed, which 
support non-repudiation of origin and non-repudiation of rec ... 

Keywords: dispute resolution, evidence chaining, fair non-repudiation, validity of 
evidence 



A new family of authentication protocols 

#Ross Anderson, Francesco Bergadano, Bruno Crispo, Jong-Hyeon Lee, Charalampos 
Manifavas, Roger Needham 

October 1998 ACM SIGOPS Operating Systems Review, Volume 32 Issue 4 
Publisher: ACM Press 

Full text available: 'Qpdf(82142 KB) Additional Information: full citation, abstract , citin gs, index terms 

We present a related family of authentication and digital signature protocols based on 
symmetric cryptographic primitives which perform substantially better than previous 
constructions. Previously, one-time digital signatures based on hash functions involved 
hundreds of hash function computations for each signature; we show that given online 
access to a timestamping service, we can sign messages using only two computations of a 
hash function. Previously, techniques to sign infinite streams invol ... 

Keywords: authentication, hashing, non-repudiation, timestamping 
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^ teims, review 

We present a protocol for unlinkable serial transactions suitable for a variety of network- 
based subscription services. It is the first protocol to use cryptographic blinding to enable 
subscription services. The protocol prevents the service fronn tracking the behavior of its 
customers, while protecting the service vendor from abuse due to simultaneous or cloned 
use by a single subscriber. Our basic protocol structure and recovery protocol are robust 
against failure in protocol termination. ... 

Keywords: anoymity, blinding, cryptographic protocols, unlinkable serial transactions 



ISOC symposium on network and distribute d sys tems se curity 
A. Dan Nessett 

April 1994 ACM SIGCOMM Computer Communication Review, Volume 24 issue 2 
Publisher: ACM Press 

Full text available: Additional Information: 



http://portal.acm.org/resultsxfm?coll=ACM&dl=ACM&CFlD=29427403&CF 9/11/2007 



Results (page 1): certificate +'one time password' +public 



Page 5 of 6 



'g|pdf(821. 23 KB) full c itation, index ter ms 



^ Article abstra ct s with full text o nline: G lobus sec uri ty model for grid environme nt 
Nltln V. Kanaskar, Umit Topaloglu, Coskun Bayrak 

November 2005 ACM SIGSOFT Software Engineering Notes, volume 30 issue 6 
Publisher: ACM Press 

Full text available: "gj pdf(372.40 KB) Additional Information: full citation, abstract, references, index terms 

Grid technology is increasingly being looked upon as a natural extension of the internet for 
engaging in complex data processing tasks over resources which are distributed across the 
world. Arcliitects and developers employing grid systenns must take into consideration 
security implications. Dynamic generation of virtual organizations leads to a synergistic 
picture which has to address security requirements never encountered before. Globus 
toolkit has devised a framework for making secure use of g ... 
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September 2005 Proceedings of the 2nd annual conference on Information security 
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Publisher: ACM Press 

Full text available: 'g] pdf(1 48.92 KB) Additional Information: full ci ta t ion, absiract, references, indexJeLms 

The Cryptography Course is a major part of Computer security, Information security, 
Network security and all Information security related courses [12, chapter 1]. This course 
could be offered to undergraduate level (S level) or graduate level students. This article 
focuses on the problem: If the Cryptography course is offered as two, consecutive courses, 
there Is no problem because there are about 30-32 weeks of Instruction for the 3-credit 
course (about 100 hours). This quantity of time is quite ... 
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August 2007 Proceedings of the 2007 international conference on Wireless 

communications and mobile computing IWCMC '07 
Publisher: ACM Press 

Full text available: "g gdlCSlg JO^ Additional Information: full citation. absLract, references, index te^^^^ 

Mobile communications offer a wide variety of services to people. All mobile subscribers 
can use a mobile device to access various resources and conduct their business anytime 
from anywhere. This feature has contributed greatly to the rapid development of mobile 
commerce. 

In fact, the Personal Trusted Device (PTD, such as PDA or mobile phone) lacks of 
computing resources has become a problem in mobile commerce development. In this 
paper, we overcome the limited computation power of mob ... 

Keywords: hashing chain, mobile commerce, server-aided signature 
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On-lin e e-wallet system with decentral ized credent ial keepers 
Stig Frode Mjolsnes, Chunming Rong 

February 2003 Mobile Networks and Applications, voiunne 8 issue i 
Publisher: Kluwer Academic Publishers 

Full text available:^ pdf(240.23 KB ) Additional Information: f ull citation , abs tract, refer ence s, i ndex term s 

We propose a generalization of the architecture of an electronic wallet, as first developed 
in the seminal European research project CAFE. With this model you can leave most of the 
content of your electronic wallet at the security of your residential electronic keeper, while 
roaming with your favorite mobile terminals. Emerging mobile handsets with both short 
range Bluetooth and cellular GPRS communications provide a sufficient communication 
platform for this electronic wallet architecture. Howe ... 

Keywords: digital credentials, e-wallet architecture, mobile commerce, payment 
protocols, privacy 



22 DRM experience: Analysis of s ecurity vulnera bil itie s in the movie pr oduction and 
distribution process 
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^ Simon Byers, Lorrie Cranor, Dave Korman, Patrick McDaniel, Eric Cronin 

October 2003 Proceedings of the 3rd ACM workshop on Digital rights management 

DRM '03 
Publisher: ACM Press 

Additional Information: fulj citatign abMract, references, citings, itidex 
terms, review 



Full text available: "gl pdf(285.80 KB) 



Unauthorized copying of movies is a major concern for the motion picture industry. While 
unauthorized copies of movies have been distributed via portable physical media for some 
time, low-cost, high-bandwidth Internet connections and peer-to-peer file sharing 
networks provide highly efficient distribution media. Many movies are showing up on file 
sharing networks shortly after, and in some cases prior to, theatrical release. It has been 
argued that the availability of unauthorized copies directi ... 

Keywords: digital rights management, file sharing, insider attacks, multimedia, physical 
security, policy 
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Security protocol s: P rovably secure passwor d-based authen t icat ion in TLS Q 
Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Moller, David Pointcheval 
March 2006 Proceedings of the 2006 ACM Symposium on Information, computer and 

communications security ASIACCS '06 
Publisher: ACM Press 

Full text available: 'Qpdf(378.65 KB) Additional Information: MUiMion, a bstract, reference s, index term s 

In this paper, we show how to design an efficient, provably secure password-based 
authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) 
protocol. The goal is to provide a technique that allows users to employ (short) passwords 
to securely identify themselves to servers. As our main contribution, we describe a new 
password- based technique for user authentication in TLS, called Simple Open Key 
Exchange (SOKE). Loosely speal<ing, the SOKE ciphersuites are un ... 

Keywords: TLS, encrypted key exchange, password authentication 



P rotecti ng ap plication s w it h transient authentica tion Q 
Mark D. Corner, Brian D. Noble 

May 2003 Proceedings of the 1st international conference on Mobile systems, 

applications and services MobiSys '03 
Publisher: ACM Press 

Full text available: 'g| pd f(294.40 KB) Additional Information: full citatio n, abstract , reference s, cited b y 

How does a machine know who is using it? Current systems authenticate their users 
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with 
Transient Authentication, in which a small hardware token continuously authenticates the 
user's presence over a short-range, wireless link. We present the fo ... 

26 New phase 1 exchange mode for IKE fram ewo rk Q 
^ J. M. Sierra, S. J. Shepherd 

^ October 2000 ACM SIGOPS Operating Systems Review, volume 34 issue 4 
Publisher: ACM Press 

Full text available: "Q pcifC^ll^^ Additional Information: MLd^^ abstract, references 

This paper describes some new extensions to the IKE Exchange Mode framework which 
both simplify the protocol and make each stage of the protocol more efficient. This will 
allow considerably faster security associations to be accomplished which is critical to 
system performance in time-limited protocols. 

Keywords: IKE, ISAKMP, Internet Security, Security Protocols 
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Every reader of this report has at sonne time verified his or her identity to a connputer 
system. Entry of a userid and password in response to computer prompting is the almost^ 
universal model for this simple but essential act. 

^® SP„.INS;.s^ 

Adrian Perrig, Robert Szewczyk, J. D. Tygar, Victor Wen, David E. Culler 
September 2002 Wireless Networks, volume 8 issue 5 
Publisher: Kluwer Acadennic Publishers 

Full text available- "PI Ddf(21 3 37 KB) Additional Information: full citation, ab str a ct, references, dtings, index 
*^ terms 

Wireless sensor networks will be widely deployed in the near future. While much research 
has focused on making these networks feasible and useful, security has received little 
attention. We present a suite of security protocols optimized for sensor networks: SPINS. 
SPINS has two secure building blocks: SNEP and pTESLA. SNEP includes: data 
confidentiality, two-party data authentication, and evidence of data freshness. pTESLA 
provides authenticated broadcast for severely resource-constrained ... 

Keywords: MANET, authentication of wireless communication, cryptography, mobile ad 
hoc networks, secrecy and confidentiality, secure communication protocols, sensor 
networks 
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October 2004 Proceedings of the 2ncl ACM workshop on Security of ad hoc and sensor 
networks SASN '04 

Publisher: ACM Press 

Full text available- *Pl Ddf(21 8 91 KB) A^^'*'^"^' Information: full ci tat ion, abstract, referenc es, citin gs, index 
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An ad hoc network is a collection of computers (nodes) that cooperate to forward packets 
for each other over a multihop wireless network. Users of such networks may wish to use 
demanding applications such as videoconferencing. Voice over IP, and streaming media 
when they are connected through an ad^hoc network. Because overprovisioning, a 
common technique in wired networks, is often impractical in wireless networks for reasons 
such as power, cost, and government regulation. Quality of Service ... 

Keywords: QoS routing, SQoS, ad hoc networks, quality-of-service, security, simulations 
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Single sign-on is critical for the usability of distributed systenns. While there are several 
authentication mechanisms which support single sign-on (e.g. Kerberos and X.509), it may 
be difficult to modify a particular legacy application to utilize an authentication scheme 
other than username/ password. Aslmple solution for single sign-on involves transmitting a 
user's password over the network. However, it is undesirable to expose a user's private 
password in an insecure environment. This paper d ... 

Keywords: grid portals, session passwords, single sign-on 
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Full text available* *P| pdf(.1 75 MB) Additional Information: full c it ation , a bstract , references , citings, i ndex 
• lAJ : te rms 

The design of mechanisms to control the sharing of Information in the Multics system is 
described. Five design principles help provide insight into the tradeoffs among different 
possible designs. The key mechanisms described include access control lists, hierarchical 
control of access specifications, identification and authentication of users, and primary 
memory protection. The paper ends with a discussion of several known weaknesses in the 
current protection mechanism design. 

Keywords: Multics, access control, authentication, computer utilities, descriptors, privacy, 
proprietary programs, protected subsystems, protection, security, time-sharing systems, 
virtual memory 
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Full text available: 'gl pdf(95,37 KB) Additional Information: full citatio n, ab stra ct, references , inde x terms 

Internet security has become a consistent and growing problem as new Internet-based 
technologies and applications are developed. The number of security violation related 
incidents continues to increase [6]. A reported incident can be as simple as a single 
computer being compromised or as severe as a complete network compromise involving 
hundreds of client computers. All Internet content you read, send, and receive carries a 
risk. The amount of security risks Increases at the same time that depen ... 
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Full text available: 'gj pdf(731 . 41 KB) Additional Information: full cit ation, abstract, ref ere nces 

Fingerprints have been used to recognize people for several decades. The advent of low 
cost inkless fingerprint scanners coupled with extra compute power available in client 
workstations, blonnetrics in general and fingerprints in particular are being considered for 
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many secure authentication applications. Lotus Notes is a groupware supporting email 
access and other activities such as calendar management included in it. In this paper, we 
describe the architecture of a system that integrates bo ... 
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October 1995 ACM SIGCOMM Computer Communication Review, volume 25 issue 5 
Publisher: ACM Press 

Full text available: 'g]pdf(479,39^^K^^^ Additional Information: MLQitMign, abstract, index terms 

Distributed computing is receiving an ever increasing amount of interest and with it come 
many challenges, not the least of which is how to maintain system and network security. 
Issues relating to user authentication, access authorization, and communication security 
must be addressed when multiple, heterogeneous systems are connected. While these 
issues have been addressed in OSFs DCE, several problems remain. This paper describes 
some of these problems. 

LiSP: A lightweight security protocol for wireless s e ns o r netwo rks 
Taejoon Park, Kang G. Shin 
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Publisher: ACM Press 
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Snnall low-cost sensor devices with limited resources are being used widely to build a self- 
organizing wireless network for various applications, such as situation monitoring and 
asset surveillance. Making such a sensor network secure is crucial to their intended 
applications, yet challenging due to the severe resource constraints in each sensor device. 
We present a lightweight security protocol (LiSP) that makes a tradeoff between security 
and resource consumption via efficient rekeying. ... 

Keywords: Authentication, key management, lightweight security, sensor networks 
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We developed a laboratory-based course on Internet Security. The course is aimed at the 
senior undergraduate. This paper discusses the course and explains how others can set up 
their own labs to teach this course. All the laboratory work is conducted in a laboratory of 
PCs running Linux. We developed lecture notes for the course, and a web site to widely 
disseminate these materials. 

Keywords: TCP/IP exploits, buffer overflow, ethics, firewalls, internet security, network 
security 
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Full text available: pdf(454.44 KB) Additional Information: full citation, abstiact, references 

Current software interfaces for entering text on touch screen devices mimic existing 
mechanisms such as keyboard typing or handwriting. These techniques are poor for 
entering private text such as passwords since they allow observers to decipher what has 
been typed simply by looking over the typist's shoulder, an activity known as shoulder 
surfing. In this paper, we outline a general approach for designing security-sensitive 
onscreen virtual keyboards that allow users to enter private text withou ... 

Keywords: input technique, keyboard, password, selective attention, touch screen, visual 
search 
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The resulting national focus on Network Integrity issues, spawned the development of an 
industry commitment to affect and realize a minimum security baseline for interconnected 
SS7 networks. In addition the affected carriers in those outage have accelerated their 
pursuit of secure solutions to today's intelligent networking. [2]This paper will focus on the 
development of the baseline and the current effort to take the baseline into national, e.g.. 
National Ins ... 
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